[CentOS] RH's servers breached

Jim Perrin jperrin at gmail.com
Fri Aug 22 19:25:21 UTC 2008


On Fri, Aug 22, 2008 at 1:59 PM, Scott Beardsley <scott at cse.ucdavis.edu> wrote:
>> What's the point on this for us, CentOS users ?
>
> I'd like to know if CentOS has been affected by RH's compromise. Can someone
> please comment? AFAIK, CentOS builds from RHEL SRPMs right? So as Rui
> mentioned the script that RH provided is useless. They do give the version
> info of the compromised packages:


Russ has posted some information about this to planet.centos.org, but
basically at this point it does not appear to affect the CentOS
population. Karanbir has been crawling through the build system to
verify this, and we may release an announcement about this later.

 If you want to check this out on your own, see ->
http://www.securiteam.com/exploits/5MP0E20CAM.html for details, or for
the short version run 'strings /usr/sbin/sshd | grep bella'



-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell


More information about the CentOS mailing list